<?php
include "../include/global.php";
include "../include/admin_check.php";
// Load the page template first, then the shared helpers that build the panels.
$xtpl = new XTemplate("userWrite.htm");
include "../include/function.php";

// Page chrome shared with the other admin screens.
$xtpl->assign("left_panel", left_panel());
$xtpl->assign("header_panel", header_panel());
$xtpl->assign("footer_panel", footer_panel());

// Form captions: template placeholder => language constant.
$labels = array(
	"lbl_category"         => Category,
	"lbl_user"             => User,
	"lbl_username"         => UserName,
	"lbl_firstname"        => FirstName,
	"lbl_lastname"         => LastName,
	"lbl_password"         => Password,
	"lbl_confirm_password" => ConfirmPassword,
	"lbl_avatar"           => Avatar,
	"lbl_address"          => Address,
	"lbl_phone"            => Phone,
	"lbl_save"             => Save,
	"lbl_save_add"         => SaveAdd,
	"lbl_cancel"           => Cancel,
);
foreach ($labels as $placeholder => $caption) {
	$xtpl->assign($placeholder, $caption);
}
// Keep the loop helpers out of the global scope the rest of the script shares.
unset($labels, $placeholder, $caption);
//
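// Request inputs for the add/edit form. A plain GET that opens the form carries none of
// the POST or upload fields, so each read falls back to "" instead of raising an
// undefined-index notice.
// NOTE(review): $AdminID is read but never used on this page, so no per-record
// authorisation beyond admin_check.php is visible here.
$AdminID = isset($_SESSION['AdminID']) ? $_SESSION['AdminID'] : "";
$path = "/media/user/";

// Upload metadata. 'name' is chosen by the client and must not be trusted as a path or
// as evidence of the file type.
$image = isset($_FILES['image']['tmp_name']) ? $_FILES['image']['tmp_name'] : "";
$image_name = isset($_FILES['image']['name']) ? $_FILES['image']['name'] : "";
// Hidden form field, so it is client-controlled as well.
$OldImage = isset($_POST['OldImage']) ? $_POST['OldImage'] : "";

$username = isset($_POST['username']) ? $_POST['username'] : "";
$password = isset($_POST['password']) ? $_POST['password'] : "";
$confirmpassword = isset($_POST['confirmpassword']) ? $_POST['confirmpassword'] : "";
$firstname = isset($_POST['firstname']) ? $_POST['firstname'] : "";
$lastname = isset($_POST['lastname']) ? $_POST['lastname'] : "";
$email = isset($_POST['email']) ? $_POST['email'] : "";
$address = isset($_POST['address']) ? $_POST['address'] : "";
$phone = isset($_POST['phone']) ? $_POST['phone'] : "";

// The record id comes from the query string when present, else from the posted form.
if (isset($_GET['ID'])) {
	$ID = $_GET['ID'];
} else {
	$ID = isset($_POST['ID']) ? $_POST['ID'] : "";
}

// 'type' is echoed straight back into the page, and the rendered page is passed through
// eval() at the end of this script, so it is HTML-escaped before it reaches the template.
// The raw value is kept in $type for the ADD/EDIT comparisons further down.
$type = isset($_POST['type']) ? $_POST['type'] : "";
$xtpl->assign("type", htmlspecialchars($type, ENT_QUOTES));

// "yes" marks a submitted form.
$sub_mit = isset($_POST['sub_mit']) ? $_POST['sub_mit'] : "";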
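if($sub_mit=="yes"){
	// Form was submitted: validate, then either redisplay with errors or write the admin row.
	// NOTE(review): no anti-CSRF token is checked on this page; confirm whether an include
	// enforces one, since this branch creates admin accounts and changes their passwords.

	// Every flag the error branch passes to the template starts empty, so fields that
	// validated cleanly are not read as undefined variables.
	$err = "";
	$error_admin = "";
	$error_password = "";
	$class_username = $class_password = $class_confirmpassword = "";
	$class_firstname = $class_lastname = $class_email = "";
	$class_address = $class_category = "";
	$ImageUpload = "";

	// Values in the form they take inside SQL. Request strings are escaped before they are
	// placed in quoted literals, and the id is forced to an integer because the UPDATE
	// below compares it unquoted.
	// mysql_real_escape_string() needs the open mysql link (presumably made by global.php --
	// confirm). NOTE(review): if an include already escapes request data, or
	// magic_quotes_gpc is on, remove that layer rather than this one to avoid doubled
	// backslashes. ext/mysql is gone in PHP 7; prepared statements through mysqli or PDO
	// are the durable fix.
	$sql_id        = (int)$ID;
	$sql_username  = mysql_real_escape_string($username);
	$sql_firstname = mysql_real_escape_string($firstname);
	$sql_lastname  = mysql_real_escape_string($lastname);
	$sql_email     = mysql_real_escape_string($email);
	$sql_address   = mysql_real_escape_string($address);
	$sql_phone     = mysql_real_escape_string($phone);

	if($username==""){
		$err ="yes";
		$class_username="text_error";
	}else{
		// Name currently stored for this id, so an unchanged name on edit is not reported as taken.
		$result=recordset("SELECT username FROM ".pre_table."admin WHERE id ='".$sql_id."'");
		$username_exist = isset($result["username"]) ? $result["username"] : "";
		// The stored name goes back into SQL, so it is escaped like any other value.
		$sql="SELECT username FROM ".pre_table."admin 
				WHERE username ='".$sql_username."' 
				AND username <> '".mysql_real_escape_string($username_exist)."'";
		$rs=execSQL($sql);
		$num_row = $rs ? mysql_num_rows($rs) : 0;
		if($num_row > 0){
			$err ="yes";
			$class_username="text_error";
			$error_admin = Error_admin;
		}
	}

	// A password is mandatory only when adding; on edit an empty password keeps the stored one.
	if($type=='ADD' && $password==""){
		$err ="yes";
		$class_password="text_error";
	}elseif((string)$password !== (string)$confirmpassword){
		// Strict comparison: with != PHP treats numeric-looking strings such as
		// "1e3" and "1000" as equal, so two different passwords could pass the check.
		$err="yes";
		$class_confirmpassword="text_error";
		$error_password = Error_password;
	}

	if($firstname==""){
		$err ="yes";
		$class_firstname="text_error";
	}
	if($lastname==""){
		$err ="yes";
		$class_lastname="text_error";
	}
	if($email==""){
		$err ="yes";
		$class_email="text_error";
	}
	if($address==""){
		$err ="yes";
		$class_address="text_error";
	}

	// Echo the submitted values back into the form. They are HTML-escaped because the
	// rendered page is passed through eval() at the end of this script: an unescaped "<"
	// could open a script element or a PHP tag. The charset argument is omitted, so PHP's
	// default applies; pass the page encoding explicitly if it differs.
	// NOTE(review): the password is written back into the HTML; consider leaving both
	// password fields empty on redisplay.
	$xtpl->assign("username", htmlspecialchars($username, ENT_QUOTES));
	$xtpl->assign("password", htmlspecialchars($password, ENT_QUOTES));
	$xtpl->assign("confirmpassword", htmlspecialchars($confirmpassword, ENT_QUOTES));
	$xtpl->assign("firstname", htmlspecialchars($firstname, ENT_QUOTES));
	$xtpl->assign("lastname", htmlspecialchars($lastname, ENT_QUOTES));
	$xtpl->assign("email", htmlspecialchars($email, ENT_QUOTES));
	$xtpl->assign("image", htmlspecialchars($OldImage, ENT_QUOTES));
	$xtpl->assign("address", htmlspecialchars($address, ENT_QUOTES));
	$xtpl->assign("phone", htmlspecialchars($phone, ENT_QUOTES));
	$xtpl->assign("id", htmlspecialchars($ID, ENT_QUOTES));

	if($err=="yes"){
		$error_text = "<strong class='text_error'>".Error_text."<br></strong>";
		$xtpl->assign("error_text", $error_text);
		$xtpl->assign("error_admin", $error_admin);
		// $error_password is set by the confirm check; harmless if the template has no
		// matching placeholder.
		$xtpl->assign("error_password", $error_password);
		$xtpl->assign("class_username", $class_username);
		$xtpl->assign("class_password", $class_password);
		$xtpl->assign("class_confirmpassword", $class_confirmpassword);
		$xtpl->assign("class_firstname", $class_firstname);
		$xtpl->assign("class_lastname", $class_lastname);
		$xtpl->assign("class_email", $class_email);
		$xtpl->assign("class_address", $class_address);
		$xtpl->assign("class_category", $class_category);
	}else{
		// NOTE(review): $image_name is the client-supplied file name and is handed to
		// upload_to_server() unchecked; the target directory looks web-served
		// (const_Web_Path . "/media/user/"). Confirm the helper strips path components and
		// restricts the extension and content type, and that $OldImage, a hidden form
		// field, cannot point outside the upload directory.
		// NOTE(review): unsalted MD5 is not a password hash. Moving to password_hash() /
		// password_verify() needs the login check changed in the same release, so the
		// stored format is left as it is here.
		if($type=="ADD"){
			if($image_name)
				$ImageUpload = upload_to_server(const_Web_Path.$path,$image,$image_name);

			$sql="INSERT INTO ".pre_table."admin(username, firstname, lastname, email, 
					password, image, address, phone) 
					VALUES	('".$sql_username."', '".$sql_firstname."', '".$sql_lastname."', '".$sql_email."', 
						'".md5($password)."', '".mysql_real_escape_string($ImageUpload)."', 
						'".$sql_address."', '".$sql_phone."') ";
			execSQL($sql);
		}else{
			if($image_name)
				$ImageUpload = upload_to_server(const_Web_Path.$path,$image,$image_name,$OldImage);
			else
				$ImageUpload = $OldImage;

			// The password column is only touched when a new password was entered.
			$password_clause = ((string)$password !== "") ? "password='".md5($password)."', " : "";
			$sql="UPDATE ".pre_table."admin SET 
					username='".$sql_username."', 
					".$password_clause."
					firstname='".$sql_firstname."', 
					lastname='".$sql_lastname."', 
					email='".$sql_email."', 
					image='".mysql_real_escape_string($ImageUpload)."', 
					address='".$sql_address."', 
					phone='".$sql_phone."'
					WHERE id=".$sql_id;
			execSQL($sql);
		}

		// "Save" returns to the list; any other submit button reopens this form.
		$save = isset($_POST['save']) ? $_POST['save'] : "";
		if($save)
			$xtpl->assign("successfully", redir("user.php", Successfully));
		else
			$xtpl->assign("successfully", redir("userWrite.php", Successfully));
	}
}else{
	// First display of the form: edit mode when an ID is given, add mode otherwise.
	// NOTE(review): $rssql is never read; this query looks like a leftover. It is kept
	// because execSQL() is opaque from this page.
	$stsql = "select id from ".pre_table."admin";
	$rssql = execSQL($stsql);
	$ID = isset($_GET['ID']) ? $_GET['ID'] : "";
	if($ID){
		// The id arrives in the query string; force it to an integer before it enters SQL.
		$sql_id = (int)$ID;
		$row=recordset("select * from ".pre_table."admin where id='".$sql_id."'");
		// An unknown id leaves the fields empty.
		$username  = isset($row['username'])  ? $row['username']  : "";
		$firstname = isset($row['firstname']) ? $row['firstname'] : "";
		$lastname  = isset($row['lastname'])  ? $row['lastname']  : "";
		$email     = isset($row['email'])     ? $row['email']     : "";
		$image     = isset($row['image'])     ? $row['image']     : "";
		$address   = isset($row['address'])   ? $row['address']   : "";
		$phone     = isset($row['phone'])     ? $row['phone']     : "";

		// Stored values were written unescaped, so they are HTML-escaped on the way out;
		// the rendered page is passed through eval() at the end of this script.
		$xtpl->assign("username", htmlspecialchars($username, ENT_QUOTES));
		$xtpl->assign("firstname", htmlspecialchars($firstname, ENT_QUOTES));
		$xtpl->assign("lastname", htmlspecialchars($lastname, ENT_QUOTES));
		$xtpl->assign("email", htmlspecialchars($email, ENT_QUOTES));
		$xtpl->assign("image", htmlspecialchars($image, ENT_QUOTES));
		$xtpl->assign("address", htmlspecialchars($address, ENT_QUOTES));
		$xtpl->assign("phone", htmlspecialchars($phone, ENT_QUOTES));
		$xtpl->assign("id", htmlspecialchars($ID, ENT_QUOTES));

		$xtpl->assign("type", "EDIT");
	}else{
		$xtpl->assign("type", "ADD");
	}
}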

//////////////////////////////////////
// Render the MAIN block, then run the rendered text through eval(): the leading "?>"
// leaves PHP mode, so plain markup is printed and any PHP open tag in the text is executed.
// NOTE(review): the rendered text includes request and database values assigned above.
// Any value that reaches the template without HTML-escaping can carry a PHP open tag and
// would be executed here rather than displayed. If the templates and panels hold no PHP of
// their own, printing the text instead of eval()'ing it removes that class of bug; confirm
// before changing.
$xtpl->parse("MAIN");
eval("?".">".$xtpl->text("MAIN"));
?>